Ruleset Update Summary - 2025/11/14 - v11063

rulesbot · November 14, 2025, 9:43pm

Summary:

16 new OPEN, 16 new PRO (16 + 0)

Added rules:

Open:

2065766 - ET EXPLOIT_KIT LandUpdate808 Domain in DNS Lookup (omgtelecom .com) (exploit_kit.rules)
2065767 - ET EXPLOIT_KIT LandUpdate808 Domain (omgtelecom .com) in TLS SNI (exploit_kit.rules)
2065768 - ET WEB_SPECIFIC_APPS Citrix Session Recording .NET Remoting Remote Code Execution (CVE-2023-6184) (web_specific_apps.rules)
2065769 - ET WEB_SPECIFIC_APPS Cisco ISE StrongSwan API Unauthenticated Remote Code Execution (CVE-2025-20337) (web_specific_apps.rules)
2065770 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (persistancejs .store) (exploit_kit.rules)
2065771 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (centaurustermas .com) (exploit_kit.rules)
2065772 - ET EXPLOIT_KIT ZPHP Domain in DNS Lookup (srimedhasoft .com) (exploit_kit.rules)
2065773 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (persistancejs .store) (exploit_kit.rules)
2065774 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (centaurustermas .com) (exploit_kit.rules)
2065775 - ET EXPLOIT_KIT ZPHP Domain in TLS SNI (srimedhasoft .com) (exploit_kit.rules)
2065776 - ET MALWARE TA569 Gholoader CnC Domain in DNS Lookup (cpanel .fjfrey .com) (malware.rules)
2065777 - ET MALWARE TA569 Gholoader CnC Domain in TLS SNI (cpanel .fjfrey .com) (malware.rules)
2065778 - ET WEB_SPECIFIC_APPS Citrix StoreFront Reflected Cross-Site Scripting (CVE-2023-5914) (web_specific_apps.rules)
2065779 - ET WEB_SPECIFIC_APPS Citrix StoreFront XML Parsing Exception Response (CVE-2023-5914) (web_specific_apps.rules)
2065780 - ET MALWARE ArigonStealer CnC Exfil via Telegram (POST) (malware.rules)
2065781 - ET MALWARE Common RAT User-Agent (Stealer/) Observed (malware.rules)

Modified inactive rules:

2001255 - ET CHAT Yahoo IM ping (chat.rules)
2002303 - ET ADWARE_PUP Searchfeed.com Spyware 8 (adware_pup.rules)
2002916 - ET EXPLOIT RealVNC Authentication Bypass Attempt (exploit.rules)
2003074 - ET ADWARE_PUP Content-loader.com Spyware Install (adware_pup.rules)
2007674 - ET MALWARE E-Jihad 3.0 DNS Activity TCP (2) (malware.rules)
2007949 - ET MALWARE Medbod UDP Phone Home Packet (malware.rules)
2007984 - ET MALWARE Banker Trojan (General) HTTP Checkin (malware.rules)
2009164 - ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath parameter Remote File Inclusion (web_specific_apps.rules)
2009385 - ET ACTIVEX Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow (activex.rules)
2009386 - ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion (web_specific_apps.rules)
2011370 - ET MALWARE Stupid Stealer C&C Communication (1) (malware.rules)
2011761 - ET DOS Possible MySQL ALTER DATABASE Denial Of Service Attempt (dos.rules)
2012050 - ET DOS Outbound Low Orbit Ion Cannon LOIC Tool Internal User May Be Participating in DDOS desu string (dos.rules)
2012885 - ET POLICY Http Client Body contains password= in cleartext (policy.rules)
2013511 - ET MALWARE Win32/CazinoSilver Checkin (malware.rules)
2014953 - ET MALWARE Capfire4 Checkin (update machine status) (malware.rules)
2020326 - ET EXPLOIT CVE-2015-0235 Exim Buffer Overflow Attempt (EHLO) (exploit.rules)
2020961 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (KINS CnC) (malware.rules)
2022069 - ET MALWARE KilerRAT CnC - Info Checkin (malware.rules)
2022278 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
2022447 - ET MALWARE Scarlet Mimic DNS Lookup 37 (malware.rules)
2022677 - ET MALWARE Ransomware/Coverton CnC 1 (malware.rules)
2023323 - ET MALWARE ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (malware.rules)
2100407 - GPL ICMP Destination Unreachable undefined code (icmp.rules)
2103143 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt (netbios.rules)
2103144 - GPL NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt (netbios.rules)
2800402 - ETPRO NETBIOS Samba Root File System Access Security Bypass 2 (netbios.rules)
2803257 - ETPRO MALWARE Backdoor.Win32.RDPdoor.AE Checkin 2 (malware.rules)
2803408 - ETPRO NETBIOS Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading - SMB-DS ASCII (netbios.rules)
2803881 - ETPRO MALWARE Worm.AutoIt/Renocide.gen!C Checkin (malware.rules)
2804010 - ETPRO MALWARE Backdoor.Win32/Hanove.A Checkin (malware.rules)
2804854 - ETPRO MALWARE Trojan-Dropper.Win32.Agent.eoqo Checkin (malware.rules)
2809878 - ETPRO MALWARE Win32/Necurs Checkin 2 (malware.rules)
2810189 - ETPRO MOBILE_MALWARE Backdoor.AndroidOS.Agent.aq Checkin via FTP (mobile_malware.rules)
2822209 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lt Checkin (mobile_malware.rules)
2822660 - ETPRO MALWARE Malicious SSL certificate detected (Gootkit CnC) (malware.rules)
2823673 - ETPRO MALWARE Observed Malicious SSL Cert (MalDoc DL) (malware.rules)
2825239 - ETPRO PHISHING Lets Encrypt Free SSL Cert Observed in Possible Apple Phishing (phishing.rules)
2826029 - ETPRO MALWARE Malicious SSL Certificate Observed (IcedID/BokBot CnC) (malware.rules)

Topic	Replies	Views
Ruleset Update Summary - 2025/11/06 - v11057 Ruleset Updates	72	November 6, 2025
Ruleset Update Summary - 2025/11/27 - v11072 Ruleset Updates	146	November 27, 2025
Ruleset Update Summary - 2025/06/10 - v10947 Ruleset Updates	127	June 10, 2025
Ruleset Update Summary - 2025/09/16 - v11016 Ruleset Updates	180	September 16, 2025
Ruleset Update Summary - 2024/12/18 - v10810 Ruleset Updates	107	December 18, 2024

Ruleset Update Summary - 2025/11/14 - v11063

Summary:

Added rules:

Open:

Modified inactive rules:

Related topics